Is malware really a big problem for Android users?

Last week, Ohio-based Juniper Networks of Sunnyvale, Calif., reported that malicious software targeting Google’s Android platform had increased by a whopping 427 percent since July. Given that Android is the dominant mobile operating system and that the primary source of software for it – Google’s Android Market – doesn’t vet apps before they’re posted, it makes sense that evildoers would make Android their primary target.

Juniper found that the main type of malicious code is spyware, just as it is in the Windows world on the PC.

The majority of malicious applications target communications, location, or other personal identifying information. Of the known Android malware samples, 55%, acts in one way or another as spyware. The other major type of attack, which make up 44%, are SMS Trojans, which send SMS messages to premium rate numbers owned by the attacker in the background of a legitimate application, without the person’s knowledge. Once these messages are sent, the money is not recoverable, and the owners of these premium rate numbers are generally anonymous. (Have you ever considered voting for American Idol via text message and it costs you $1.99 or $2.99 per vote? That’s how it works.)

The company also surmised that the primary authors of this malware once targeted Symbian and Microsoft’s old Windows Mobile platforms, but they’ve moved on to greener pastures now that Android dominates.

That 427 percent increase is scary, but how real is this threat? Day-to-day, are Android users really under constant attack?

Probably not, and there’s an interesting article that puts Android’s malware problem into the proper perspective from an unlikely source: theMac Observer website.

Sascha Segan of PC Magazine said Android’s malware problems are largely confined to China and that when malware is found in the Android Market, Google removes it. Gartner analyst Michael Gartenberg said customers run the most risk by side-loading apps from outside mainstream app stores, but very few Android users actually do this – and the ones that do are geeky enough to deal with the issues. Dan Frommer ofSplatf agreed that Google fixes malware issues in a timely manner, but had more praise for Amazon, which curates apps in its own Android store.

And Segan pointed out what he thought was the real problem with Android apps, and that’s their quality:

. . . “Perhaps the bigger problem is badly written apps, apps that burn up the network — and your battery. I’ve heard about apps that don’t respect the no data roaming flag. So you get back from a foreign travel and find thousands of dollars worth of charges. And, finally, a lot of Android apps pester you for permissions, so pay close attention to that.”

I had considered writing something similar about the Juniper report, and I’m glad Martellaro took it on. Juniper’s raw numbers may indeed be accurate, but they don’t give a realistic picture of the way people use their phones.

Most Android users get their apps from Google’s Market, and while apps aren’t vetted, the rating and reporting process flags malicious software quickly. Indeed, there’s no evidence that millions of Android devices are infected with malware. If there was, you’d see the same level of reporting that you see now about the Windows ecosystem.